Let’s say a client is created and registered with 3 scopes - read, create, delete.
And the user of the app authorized all 3 scopes for that client.
Later on, it was realized that the client should not have had the delete scope and, as a result, we want to update the client with revised scopes of read and create (removing the delete scope).
What’s the best practice to handle/manage existing access tokens, which may have to be invalidated because they contain not just read and write but the delete scope as well?
Or is that something that can be achieved by deleting the client altogether and creating a new one with revised scopes? Any other alternatives?
Please advise.